7636 matches found
DEBIAN-CVE-2006-6772
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name CN field of an SSL certificate associated with an https URL...
CVE-2006-6772
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name CN field of an SSL certificate associated with an https URL...
CVE-2006-6772
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name CN field of an SSL certificate associated with an https URL...
CVE-2006-6772
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name CN field of an SSL certificate associated with an https URL...
W3M SSL证书格式串处理漏洞
w3m是一款开放源码的文字式网页浏览器。 w3m在处理畸形格式的SSL证书里存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意指令。 如果HTTPS URL的SSL证书中CN包含有“%n%n%n%n%n%n”字符的话,则w3m在以-dump或-backend选项打开上述URL时就会导致崩溃。 W3M W3M 0.5.1 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://w3m.sourceforge.net/...
Microsoft Project Server 2003 PDSRequest.ASP XML请求信息泄露漏洞
Microsoft Project server 2003实现部分瘦客户端功能,瘦客户端使用XML请求对HTTPS服务进行对话。 这些请求其中一个返回用于访问SQL数据库的MSProjectUser帐户的用户名和密码信息: -------------------------------------------------------------- POST http://SERVER/projectserver/logon/pdsrequest.asp HTTP/1.0 Accept: / Accept-Language: en-nz Pragma: no-cache Host:...
Mandiant First Response multiple security vulnerabilities
DoS on SSL parsing in HTTPS interface, data manipulation...
CVE-2006-6430
Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic...
CVE-2006-6430
Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic...
CVE-2006-6430
CVE-2006-6430 affects Xerox WorkCentre/WorkCentre Pro before versions 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000; these web services do not require HTTPS, allowing remote attackers to sniff unencrypted HTTP traffic and obtain sensitive information. Remediation is to u...
w3m -- format string vulnerability
An anonymous person reports: w3m-0.5.1 crashes when using the -dump or -backend options to open a HTTPS URL with a SSL certificate where the CN contains "%n%n%n%n%n%n"...
CVE-2006-5349
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln OHS07...
CVE-2006-5347
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln OHS04...
CVE-2006-5349
Technical details for CVE-2006-5349 are not publicly available in the provided documents; the entries describe an unspecified vulnerability affecting Oracle HTTP Server 9.2.0.7 on HP Tru64 UNIX without concrete details. Monitor for updates.
CVE-2006-5348
Technical details for CVE-2006-5348 are not publicly provided in the supplied documents. Available records reference the vulnerability but do not specify affected products, root cause, or fixes. Monitor for updates.
CVE-2006-5348
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln OHS05...
CVE-2006-5347
CVE-2006-5347 affects Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2. The vulnerability is described as unspecified with unknown impact and remote attack vectors related to HTTPS/SSL (aka Vuln# OHS04); no remediation details are provided in the connected documents.
CVE-2006-5347
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln OHS04...
CVE-2006-5349
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln OHS07...
Linksys WRT54G routers do not properly validate user credentials
Overview Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes. Description The Linksys WRTG54G is a broadband router that has an integrated wireless access point and ethernet switch. The WRT54G router's configuration settings are controlled by a w...